This disclosure relates to controlling network access.
Reducing nefarious access to protected computer systems is of paramount concern given the prevalence of and significant reliance on such systems. One conduit employed to gain unauthorized access to a protected system is via a client browser residing within the protected system. For example, in response to an HTTP request from a client browser within the protected system, a source external to the protected system may provide content to the client browser. The provided content may contain malicious code capable of exploiting vulnerabilities associated with the client browser to gain access to the protected system or otherwise collect sensitive data stored on the client device running the browser.
Client browser and third-party developers continually strive to eliminate vulnerabilities associated with browsers by releasing new browser versions and security patches, providing anti-virus software, and otherwise bolstering the security of the browsers. However, these measures are of little effect if they are not implemented.
Other solutions include network access control (NAC) solutions. One NAC solution is agent-based, in which an agent is installed on a client device. When a user connects to a network, a NAC system remotely requests the health status of the client device from the agent. If the health of the agent does not meet an access policy requirement, access to the network is precluded. Another NAC solution does not require an agent. Such a solution remotely scans a client device to assess the health of the device.
NAC solutions, whether agent-based or not, are often implemented in the same network environment as the client device and are of limited utility in scanning a device through a firewall or through some other network address translation (NAT).